Commit 6da5e226 authored by Ladislav Lhotka's avatar Ladislav Lhotka

Replace YANG modules with latest revisions.

parent d8c3f096
...@@ -33,7 +33,7 @@ module dns-server { ...@@ -33,7 +33,7 @@ module dns-server {
"This YANG module defines the data model for an authoritative DNS "This YANG module defines the data model for an authoritative DNS
server."; server.";
revision 2016-01-14 { revision 2016-08-03 {
description description
"Initial revision."; "Initial revision.";
reference reference
...@@ -191,7 +191,7 @@ module dns-server { ...@@ -191,7 +191,7 @@ module dns-server {
leaf name { leaf name {
type string; type string;
description description
"The name of the list entry."; "Name of a list entry.";
} }
} }
......
...@@ -10,6 +10,10 @@ module dnssec-signing { ...@@ -10,6 +10,10 @@ module dnssec-signing {
prefix "yang"; prefix "yang";
} }
import ietf-inet-types {
prefix "inet";
}
import dns-server { import dns-server {
prefix "dnss"; prefix "dnss";
} }
...@@ -29,7 +33,7 @@ module dnssec-signing { ...@@ -29,7 +33,7 @@ module dnssec-signing {
"This YANG module defines configuration data and RPC operations "This YANG module defines configuration data and RPC operations
for automatic DNSSEC signatures."; for automatic DNSSEC signatures.";
revision 2016-01-14 { revision 2016-03-03 {
description description
"Initial revision."; "Initial revision.";
reference reference
...@@ -38,12 +42,21 @@ module dnssec-signing { ...@@ -38,12 +42,21 @@ module dnssec-signing {
/* Typedefs */ /* Typedefs */
typedef lifetime { typedef time-interval {
type uint32; type uint32 {
range "1..max";
}
units "seconds"; units "seconds";
description description
"This type is used for the lifetime values of keys and "This type is used for time intervals such as TTL of resource
signatures."; records or lifetime values of keys and signatures.";
}
typedef key-size {
type uint16;
units "bits";
description
"Size of a cryptographic key.";
} }
typedef key-id { typedef key-id {
...@@ -92,12 +105,11 @@ module dnssec-signing { ...@@ -92,12 +105,11 @@ module dnssec-signing {
description description
"Encryption algorithm for which the key works."; "Encryption algorithm for which the key works.";
} }
leaf length { leaf size {
type uint16; type key-size;
units "bits";
mandatory "true"; mandatory "true";
description description
"Length of the key."; "Size of the key.";
} }
leaf publish { leaf publish {
type yang:date-and-time; type yang:date-and-time;
...@@ -212,19 +224,17 @@ module dnssec-signing { ...@@ -212,19 +224,17 @@ module dnssec-signing {
description description
"Algorithm used for signing keys and issued signatures."; "Algorithm used for signing keys and issued signatures.";
} }
leaf ksk-length { leaf ksk-size {
type uint16; type key-size;
units "bits";
default "2048"; default "2048";
description description
"Length of generated key-signing keys."; "The size of generated key-signing keys.";
} }
leaf zsk-length { leaf zsk-size {
type uint16; type key-size;
units "bits";
default "1024"; default "1024";
description description
"Length of generated zone-signing keys."; "The size of generated zone-signing keys.";
} }
leaf dnskey-ttl { leaf dnskey-ttl {
type dnss:rr-ttl; type dnss:rr-ttl;
...@@ -232,7 +242,7 @@ module dnssec-signing { ...@@ -232,7 +242,7 @@ module dnssec-signing {
"TTL value for DNSKEY records added to zone apex."; "TTL value for DNSKEY records added to zone apex.";
} }
leaf zsk-lifetime { leaf zsk-lifetime {
type lifetime; type time-interval;
default "2592000"; default "2592000";
description description
"Time interval after which ZSK rollover will be initiated. "Time interval after which ZSK rollover will be initiated.
...@@ -240,7 +250,7 @@ module dnssec-signing { ...@@ -240,7 +250,7 @@ module dnssec-signing {
The default value corresponds to 30 days."; The default value corresponds to 30 days.";
} }
leaf rrsig-lifetime { leaf rrsig-lifetime {
type lifetime; type time-interval;
default "1209600"; default "1209600";
description description
"Lifetime of newly issued signatures. "Lifetime of newly issued signatures.
...@@ -281,6 +291,77 @@ module dnssec-signing { ...@@ -281,6 +291,77 @@ module dnssec-signing {
description description
"Extra delay added to every key rollover step."; "Extra delay added to every key rollover step.";
} }
leaf manual {
type boolean;
default "false";
description
"Setting this flag to true enables manual key management.
In this case, no keys will be generated or rolled out
automatically.";
}
leaf keystore {
type leafref {
path "../../keystore/name";
}
description
"Name of a keystore to be used by the policy.";
}
}
list keystore {
key "name";
description
"The list of configured stores for private key material.";
uses dnss:entry-name;
leaf backend {
type enumeration {
enum pkcs8 {
description
"This backend type stores private key material in
unencrypted X.509 PEM files.";
}
enum pkcs11 {
description
"This backend type stores private key material in a
cryptographic token accessible via the PKCS#11
interface.";
}
}
default "pkcs8";
description
"Type of the keystore backend.";
}
choice keystore-config {
description
"Additional configuration parameters for individual
backends.";
case pkcs8 {
when "../backend = 'pkcs8'";
leaf keystore-directory {
type dnss:fs-path;
description
"Absolute path to a filesystem directory where private
key material is stored.";
}
}
case pkcs11 {
when "../backend = 'pkcs11'";
leaf token-url {
type inet:uri;
description
"URI of the PKCS#11 token.
If the token is protected by a PIN, the URI must
include 'pin-value' or 'pin-source' attribute.";
reference
"RFC 7512: The PKCS #11 URI Scheme";
}
leaf module-path {
type dnss:fs-path;
description
"PKCS #11 module path.";
}
}
}
} }
} }
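Review bot: The `token-url` description in the new `keystore` list tells operators to put 'pin-value' in the PKCS#11 URI, which stores the token PIN in clear text in the configuration, presumably visible to anyone with read access to it. The text should steer towards 'pin-source' and mark the leaf as sensitive, e.g. `If the token is protected by a PIN, prefer the 'pin-source' attribute; a 'pin-value' is kept in clear text in the configuration.` The default `pkcs8` backend keeps private keys unencrypted on disk by its own description, so the `keystore-directory` description should add that the directory must be accessible only to the server's account. The new `key-size` typedef has no `range`, unlike `time-interval`, so a size of 0 validates. PKCS #8 is also not an X.509 format, so the enum text would read better as `unencrypted PKCS #8 PEM files`.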
......
...@@ -36,7 +36,7 @@ module knot-dns { ...@@ -36,7 +36,7 @@ module knot-dns {
reference reference
"https://www.knot-dns.cz/docs/2.0/html/"; "https://www.knot-dns.cz/docs/2.0/html/";
revision 2016-01-13 { revision 2016-08-03 {
description description
"Initial revision."; "Initial revision.";
reference reference
...@@ -215,7 +215,7 @@ module knot-dns { ...@@ -215,7 +215,7 @@ module knot-dns {
description description
"Knot-specific configuration data."; "Knot-specific configuration data.";
list log { list log {
key "name"; key "target";
description description
"List of log options. "List of log options.
...@@ -252,33 +252,20 @@ module knot-dns { ...@@ -252,33 +252,20 @@ module knot-dns {
description description
"Severity levels."; "Severity levels.";
} }
uses dnss:entry-name; leaf target {
uses dnss:description; type string;
choice target {
mandatory "true";
description description
"Destination of log messages."; "Destination of log messages. The value can be either a
leaf stdout { file name, or one of the following special strings:
type empty;
description - stdout: log messages are sent to standard output,
"Standard output.";
} - stderr: log messages are sent to standard error,
leaf stderr {
type empty; - stderr: log messages are passed to the syslog
description facility.";
"Standard error.";
}
leaf syslog {
type empty;
description
"Syslog service.";
}
leaf file {
type dnss:fs-path;
description
"File name.";
}
} }
uses dnss:description;
leaf server { leaf server {
type severity; type severity;
description description
...@@ -414,7 +401,7 @@ module knot-dns { ...@@ -414,7 +401,7 @@ module knot-dns {
} }
augment "/dnss:dns-server/dnss:query-module" { augment "/dnss:dns-server/dnss:query-module" {
when "dnss:type = 'knot:dnstap'"; when "derived-from-or-self(dnss:type, 'knot:dnstap')";
description description
"Configuration of 'dnstap' query module."; "Configuration of 'dnstap' query module.";
container dnstap { container dnstap {
...@@ -446,7 +433,7 @@ module knot-dns { ...@@ -446,7 +433,7 @@ module knot-dns {
} }
augment "/dnss:dns-server/dnss:query-module" { augment "/dnss:dns-server/dnss:query-module" {
when "dnss:type = 'knot:synth-record'"; when "derived-from-or-self(dnss:type, 'knot:synth-record')";
description description
"Configuration of 'synth-record' query module."; "Configuration of 'synth-record' query module.";
container synth-record { container synth-record {
...@@ -508,7 +495,7 @@ module knot-dns { ...@@ -508,7 +495,7 @@ module knot-dns {
} }
augment "/dnss:dns-server/dnss:query-module" { augment "/dnss:dns-server/dnss:query-module" {
when "dnss:type = 'knot:dnsproxy'"; when "derived-from-or-self(dnss:type, 'knot:dnsproxy')";
description description
"Configuration of 'dnsproxy' query module."; "Configuration of 'dnsproxy' query module.";
container dnsproxy { container dnsproxy {
...@@ -527,7 +514,7 @@ module knot-dns { ...@@ -527,7 +514,7 @@ module knot-dns {
} }
augment "/dnss:dns-server/dnss:query-module" { augment "/dnss:dns-server/dnss:query-module" {
when "dnss:type = 'knot:rosedb'"; when "derived-from-or-self(dnss:type, 'knot:rosedb')";
description description
"Configuration of 'rosedb' query module."; "Configuration of 'rosedb' query module.";
container rosedb { container rosedb {
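Review bot: The third item in the new `target` description repeats `stderr` where it should read `syslog` (`- syslog: log messages are passed to the syslog facility.`), so the syslog keyword is left undocumented. Replacing the `choice` with `type string` also drops the `dnss:fs-path` typing that the old `file` leaf had, so any string is now accepted as a log destination. A union of an enumeration and `dnss:fs-path`, as sketched below, keeps the path typing and makes the three keywords explicit. The `derived-from-or-self()` conditions in the later hunks require YANG 1.1, and the module's `yang-version` statement is outside the visible hunks, so it should be checked.

```yang
leaf target {
  type union {
    type enumeration {
      enum stdout;
      enum stderr;
      enum syslog;
    }
    type dnss:fs-path;
  }
  // … unchanged: description, with the third list item renamed to "syslog" …
}
```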
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
}, },
{ {
"name": "dns-server", "name": "dns-server",
"revision": "2016-01-14", "revision": "2016-08-03",
"namespace": "http://www.nic.cz/ns/yang/dns-server", "namespace": "http://www.nic.cz/ns/yang/dns-server",
"feature": [ "feature": [
"acl-entry-port", "acl-entry-port",
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
}, },
{ {
"name": "dnssec-signing", "name": "dnssec-signing",
"revision": "2016-01-14", "revision": "2016-03-03",
"namespace": "http://www.nic.cz/ns/yang/dnssec-signing", "namespace": "http://www.nic.cz/ns/yang/dnssec-signing",
"conformance-type": "implement", "conformance-type": "implement",
"schema": "https://gitlab.labs.nic.cz/labs/dns-server-yang/raw/master/dnssec-signing.yang" "schema": "https://gitlab.labs.nic.cz/labs/dns-server-yang/raw/master/dnssec-signing.yang"
...@@ -64,7 +64,7 @@ ...@@ -64,7 +64,7 @@
}, },
{ {
"name": "knot-dns", "name": "knot-dns",
"revision": "2016-01-13", "revision": "2016-08-03",
"namespace": "http://www.nic.cz/ns/yang/knot-dns", "namespace": "http://www.nic.cz/ns/yang/knot-dns",
"conformance-type": "implement", "conformance-type": "implement",
"schema": "https://gitlab.labs.nic.cz/labs/dns-server-yang/raw/master/knot-dns.yang" "schema": "https://gitlab.labs.nic.cz/labs/dns-server-yang/raw/master/knot-dns.yang"
......